diff options
| author |   tb <tb@openbsd.org> | 2018-08-24 20:30:21 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2018-08-24 20:30:21 +0000 |
| commit | 1e7a28f35c78b2a96f391bbdce6e59bf4b46d07c (patch) | |
| tree | 1d19e766eb2c15de21fdc58cc59d98c5aeb85565 /lib/libssl/ssl_lib.c | |
| parent | Add const to EVP_PKCS82PKEY(). (diff) | |
| download | wireguard-openbsd-1e7a28f35c78b2a96f391bbdce6e59bf4b46d07c.tar.xz wireguard-openbsd-1e7a28f35c78b2a96f391bbdce6e59bf4b46d07c.zip | |
Let SSL_copy_session_id() return an int for error checking.
Accordingly, add some error checking to SSL_copy_session_id(),
BIO_ssl_copy_session_id(), and SSL_dup().
Prompted by OpenSSL commit 17dd65e6e1f
Tested in a bulk build by sthen
ok jsing
Diffstat (limited to 'lib/libssl/ssl_lib.c')
| -rw-r--r-- | lib/libssl/ssl_lib.c | 49 |
1 files changed, 25 insertions, 24 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 4f1eb5bf0af..0dbc7b37071 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.185 2018/04/25 07:10:39 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.186 2018/08/24 20:30:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -853,22 +853,21 @@ SSL_get_peer_cert_chain(const SSL *s) * Now in theory, since the calling process own 't' it should be safe to * modify. We need to be able to read f without being hassled */ -void +int SSL_copy_session_id(SSL *t, const SSL *f) { CERT *tmp; - /* Do we need to to SSL locking? */ - SSL_set_session(t, SSL_get_session(f)); + /* Do we need to do SSL locking? */ + if (!SSL_set_session(t, SSL_get_session(f))) + return 0; - /* - * What if we are setup as SSLv2 but want to talk SSLv3 or - * vice-versa. - */ + /* What if we are set up for one protocol but want to talk another? */ if (t->method != f->method) { - t->method->internal->ssl_free(t); /* cleanup current */ - t->method = f->method; /* change method */ - t->method->internal->ssl_new(t); /* setup new */ + t->method->internal->ssl_free(t); + t->method = f->method; + if (!t->method->internal->ssl_new(t)) + return 0; } tmp = t->cert; @@ -878,7 +877,11 @@ SSL_copy_session_id(SSL *t, const SSL *f) } else t->cert = NULL; ssl_cert_free(tmp); - SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); + + if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) + return 0; + + return 1; } /* Fix this so it checks all the valid key/cert options */ @@ -2500,15 +2503,15 @@ SSL_dup(SSL *s) int i; if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) - return (NULL); + goto err; ret->version = s->version; ret->internal->type = s->internal->type; ret->method = s->method; if (s->session != NULL) { - /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ - SSL_copy_session_id(ret, s); + if (!SSL_copy_session_id(ret, s)) + goto err; } else { /* * No session has been established yet, so we have to expect @@ -2528,8 +2531,9 @@ SSL_dup(SSL *s) goto err; } - SSL_set_session_id_context(ret, - s->sid_ctx, s->sid_ctx_length); + if (!SSL_set_session_id_context(ret, s->sid_ctx, + s->sid_ctx_length)) + goto err; } ret->internal->options = s->internal->options; @@ -2612,13 +2616,10 @@ SSL_dup(SSL *s) } } - if (0) { -err: - if (ret != NULL) - SSL_free(ret); - ret = NULL; - } - return (ret); + return ret; + err: + SSL_free(ret); + return NULL; } void |